VA Procurement System Oversight Problems Led to Data Breach
WASHINGTON, DC –Today, Congressman Steve Buyer (R-IN) and Congressman Phil Roe (R-TN) participated in an oversight hearing on the how problems within the Department of Veterans Affairs (VA) procurement system led to the recent data breach.
On April 28, 2010 the Committee was notified of a VA contractor’s stolen unencrypted laptop with access to VA medical center data, including the personal identifying information of 644 veterans.
“To place our veteran’s personal and medical information at risk is irresponsible,” commented Dr. Roe who serves as the Ranking Member of the Subcommittee on Oversight and Investigation. “These men and women have placed their lives in jeopardy to secure our freedom and fight for our nation. That is why it is unacceptable for VA to repay them by tossing caution to the wind with respect to their personal information. VA must take immediate action to secure sensitive information, and to ensure that all contractors requiring access to VA data provide adequate protections.”
“VA holds ultimate responsibility for ensuring that veterans’ personal information is secure,” said House Committee on Veterans’ Affairs Ranking Member Buyer. “This has serious implications for the procurement system. VA must ensure that contractors possess encryption capabilities within their IT systems.”
“I would think that this would be readily apparent to senior management at VA, especially after the 2006 incident that cost taxpayers $48 million to correct. Unfortunately it was not, so VA finds itself in a similar predicament.”
“The most current data breach involves a contractor that had sixty-nine contracts in thirteen regions with a total of more than thirty VA Medical Centers” continued Buyer. “Twenty-five of these contracts lacked security clauses requiring contractors to protect veterans’ personal information. The contractor signed false certificates of compliance with the security clauses, but no one at VA verified that security measures were actually in place.”
“I have long held concerns over the procurement contracting process at VA,” concluded Buyer. “It is highly decentralized, with limited contract review or oversight. I hope that this incident will serve as a wakeup call to VA, and I hope that we can now have a serious discussion about reforming VA’s broken procurement system.”
For more news from House Committee on Veterans’ Affairs Republicans, please go to: http://republicans.veterans.house.gov/